security/selinux/xfrm.c
/* * NSA Security-Enhanced Linux (SELinux) security module * * This file contains the SELinux XFRM hook function implementations. * * Authors: Serge Hallyn <sergeh@us.ibm.com> * Trent Jaeger <jaegert@us.ibm.com> * |
* Updated: Venkat Yekkirala <vyekkirala@TrustedCS.com> * * Granular IPSec Associations for use in MLS environments. * |
* Copyright (C) 2005 International Business Machines Corporation |
* Copyright (C) 2006 Trusted Computer Solutions, Inc. |
* * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2, * as published by the Free Software Foundation. */ /* * USAGE: * NOTES: * 1. Make sure to enable the following options in your kernel config: * CONFIG_SECURITY=y * CONFIG_SECURITY_NETWORK=y * CONFIG_SECURITY_NETWORK_XFRM=y * CONFIG_SECURITY_SELINUX=m/y * ISSUES: * 1. Caching packets, so they are not dropped during negotiation * 2. Emulating a reasonable SO_PEERSEC across machines * 3. Testing addition of sk_policy's with security context via setsockopt */ |
#include <linux/kernel.h> #include <linux/init.h> #include <linux/security.h> #include <linux/types.h> #include <linux/netfilter.h> #include <linux/netfilter_ipv4.h> #include <linux/netfilter_ipv6.h> |
#include <linux/slab.h> |
#include <linux/ip.h> #include <linux/tcp.h> #include <linux/skbuff.h> #include <linux/xfrm.h> #include <net/xfrm.h> #include <net/checksum.h> #include <net/udp.h> |
#include <linux/atomic.h> |
#include "avc.h" #include "objsec.h" #include "xfrm.h" |
/*
 * Labeled XFRM instance counter.
 *
 * Incremented when a labeled policy or SA security blob is successfully
 * allocated (selinux_xfrm_policy_alloc(), selinux_xfrm_state_alloc()) and
 * decremented when deletion of such a blob is authorized
 * (selinux_xfrm_policy_delete(), selinux_xfrm_state_delete()).  It is not
 * touched by the _free hooks or by selinux_xfrm_policy_clone().  Consumers
 * of the counter live outside this file.
 */
atomic_t selinux_xfrm_refcount = ATOMIC_INIT(0);
/*
 * Returns true if @ctx is a security context this module can evaluate:
 * it must exist, use the LSM DOI and name SELinux as the labeling
 * algorithm.  Every authorization decision in this file is gated on it.
 */
static inline int selinux_authorizable_ctx(struct xfrm_sec_ctx *ctx)
{
	if (!ctx)
		return 0;

	return ctx->ctx_doi == XFRM_SC_DOI_LSM &&
	       ctx->ctx_alg == XFRM_SC_ALG_SELINUX;
}

/*
 * Returns true if the xfrm state @x carries a SELinux security blob
 * (a NULL x->security yields false).
 */
static inline int selinux_authorizable_xfrm(struct xfrm_state *x)
{
	return selinux_authorizable_ctx(x->security);
}
/*
 * LSM hook implementation that authorizes that a flow can use
 * a xfrm policy rule.
 *
 * @ctx:      security context attached to the policy, NULL if unlabeled
 * @fl_secid: SID of the flow being matched against the policy
 * @dir:      policy direction; not consulted by this implementation
 *
 * Returns 0 when the flow may match the policy, -ESRCH when SELinux denies
 * association:polmatch (presumably so the xfrm core treats it as "no
 * matching policy" — confirm against the caller), -EINVAL when @ctx is
 * not a SELinux LSM context, or any other avc_has_perm() error.
 */
int selinux_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir)
{
	u32 pol_sid;
	int rc;

	/*
	 * An unlabeled policy polmatch'es every flow.  Treating it this way
	 * keeps a flow from slipping past an otherwise applicable
	 * non-labeled policy (an inadvertent "leak").
	 */
	if (!ctx)
		return 0;

	/* Only contexts carrying an LSM/SELinux label can be evaluated. */
	if (!selinux_authorizable_ctx(ctx))
		return -EINVAL;

	pol_sid = ctx->ctx_sid;
	rc = avc_has_perm(fl_secid, pol_sid, SECCLASS_ASSOCIATION,
			  ASSOCIATION__POLMATCH, NULL);

	/* A permission denial is reported as "no such policy", not EACCES. */
	return rc == -EACCES ? -ESRCH : rc;
}
/*
 * LSM hook implementation that authorizes that a state matches
 * the given policy, flow combo.
 *
 * @x:  candidate security association
 * @xp: policy the flow already matched
 * @fl: the flow
 *
 * Returns 1 when @x may be used for @fl under @xp, 0 otherwise.  Labeled
 * and unlabeled objects never mix: an unlabeled policy matches only an
 * unlabeled SA, and a labeled policy matches only a SELinux-labeled SA
 * whose SID equals the flow SID and to which the flow holds
 * association:sendto.
 */
int selinux_xfrm_state_pol_flow_match(struct xfrm_state *x, struct xfrm_policy *xp,
				      const struct flowi *fl)
{
	u32 sa_sid;

	/* Unlabeled policy: matches every unlabeled SA and no labeled one. */
	if (!xp->security)
		return x->security ? 0 : 1;

	/*
	 * Labeled policy: the SA must carry a SELinux label (this also
	 * rejects an SA with no security blob at all).
	 */
	if (!selinux_authorizable_xfrm(x))
		return 0;

	sa_sid = x->security->ctx_sid;
	if (fl->flowi_secid != sa_sid)
		return 0;

	/*
	 * No separate SA-vs-policy polmatch check is needed: the SA label
	 * equals the flow label, and the flow-vs-policy polmatch already
	 * happened in selinux_xfrm_policy_lookup().
	 */
	return avc_has_perm(fl->flowi_secid, sa_sid, SECCLASS_ASSOCIATION,
			    ASSOCIATION__SENDTO, NULL) ? 0 : 1;
}
/*
 * LSM hook implementation that checks and/or returns the xfrm sid for the
 * incoming packet.
 *
 * @skb:   the packet; NULL is tolerated
 * @sid:   receives the label, SECSID_NULL when no labeled SA was found
 * @ckall: when set, every labeled SA on the sec_path must agree
 *
 * Walks the sec_path from its last entry backwards and stores the SID of
 * the first SELinux-labeled SA in *sid.  With @ckall the walk continues
 * and a further labeled SA with a different SID yields -EINVAL; otherwise
 * 0 is returned.
 */
int selinux_xfrm_decode_session(struct sk_buff *skb, u32 *sid, int ckall)
{
	struct sec_path *sp;
	int found = 0;
	int i;

	*sid = SECSID_NULL;

	if (!skb)
		return 0;

	sp = skb->sp;
	if (!sp)
		return 0;

	for (i = sp->len - 1; i >= 0; i--) {
		struct xfrm_state *x = sp->xvec[i];
		u32 this_sid;

		/*
		 * NOTE(review): xvec[i] is dereferenced without a NULL test,
		 * unlike selinux_xfrm_sock_rcv_skb() — assumes every slot
		 * below sp->len is populated; confirm against the xfrm input
		 * path.
		 */
		if (!selinux_authorizable_xfrm(x))
			continue;

		this_sid = x->security->ctx_sid;
		if (!found) {
			*sid = this_sid;
			found = 1;
			if (!ckall)
				break;
		} else if (*sid != this_sid) {
			/* Nested labeled SAs disagree on the label. */
			return -EINVAL;
		}
	}

	return 0;
}
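/*
 * Build a SELinux xfrm_sec_ctx from the user-supplied @uctx and the
 * context string that trails it.  The calling subject must hold
 * association:setcontext to the resulting label.
 *
 * Returns 0 with the new blob in *ctxp, or a negative errno.  *ctxp is
 * set to NULL on any failure after the allocation was attempted; the two
 * early validation failures leave it untouched.
 */
static int selinux_xfrm_sec_ctx_from_user(struct xfrm_sec_ctx **ctxp,
					  struct xfrm_user_sec_ctx *uctx)
{
	const struct task_security_struct *tsec = current_security();
	struct xfrm_sec_ctx *ctx;
	u32 str_len;
	int rc;

	/*
	 * Accept only what selinux_authorizable_ctx() will later recognize.
	 * Checking ctx_alg alone let a context with a foreign DOI be
	 * installed, after which every lookup on it failed with -EINVAL;
	 * reject such a context up front instead.
	 */
	if (uctx->ctx_doi != XFRM_SC_DOI_LSM ||
	    uctx->ctx_alg != XFRM_SC_ALG_SELINUX)
		return -EINVAL;

	/*
	 * ctx_len is user-controlled; bound it before sizing the allocation.
	 * That it also fits inside the netlink attribute is assumed to have
	 * been verified by the caller — confirm.
	 */
	str_len = uctx->ctx_len;
	if (str_len >= PAGE_SIZE)
		return -ENOMEM;

	/* +1: the user bytes are not assumed to be NUL-terminated. */
	ctx = kmalloc(sizeof(*ctx) + str_len + 1, GFP_KERNEL);
	if (!ctx) {
		*ctxp = NULL;
		return -ENOMEM;
	}

	ctx->ctx_doi = uctx->ctx_doi;
	ctx->ctx_alg = uctx->ctx_alg;
	ctx->ctx_len = str_len;
	memcpy(ctx->ctx_str, uctx + 1, str_len);
	ctx->ctx_str[str_len] = 0;

	rc = security_context_to_sid(ctx->ctx_str, str_len, &ctx->ctx_sid);
	if (rc)
		goto err;

	/* Does the subject have permission to set this security context? */
	rc = avc_has_perm(tsec->sid, ctx->ctx_sid, SECCLASS_ASSOCIATION,
			  ASSOCIATION__SETCONTEXT, NULL);
	if (rc)
		goto err;

	*ctxp = ctx;
	return 0;

err:
	*ctxp = NULL;
	kfree(ctx);
	return rc;
}

/*
 * Build a SELinux xfrm_sec_ctx for the kernel-chosen @sid.  No permission
 * check is made here: the label was not picked by a user.
 *
 * Returns 0 with the new blob in *ctxp, or a negative errno with *ctxp
 * set to NULL.
 */
static int selinux_xfrm_sec_ctx_from_sid(struct xfrm_sec_ctx **ctxp, u32 sid)
{
	struct xfrm_sec_ctx *ctx = NULL;
	char *ctx_str = NULL;
	u32 str_len;
	int rc;

	rc = security_sid_to_context(sid, &ctx_str, &str_len);
	if (rc)
		goto out;

	/*
	 * GFP_ATOMIC: presumably because callers may be in atomic context.
	 * The length from security_sid_to_context() is copied as-is with no
	 * extra terminator byte — assumed to already include it, which means
	 * ctx_len does not follow the same convention as the user path above;
	 * verify before relying on ctx_len in either direction.
	 */
	ctx = kmalloc(sizeof(*ctx) + str_len, GFP_ATOMIC);
	if (!ctx) {
		rc = -ENOMEM;
		goto out;
	}

	ctx->ctx_doi = XFRM_SC_DOI_LSM;
	ctx->ctx_alg = XFRM_SC_ALG_SELINUX;
	ctx->ctx_sid = sid;
	ctx->ctx_len = str_len;
	memcpy(ctx->ctx_str, ctx_str, str_len);

out:
	/* ctx is still NULL on every failure path. */
	*ctxp = ctx;
	kfree(ctx_str);
	return rc;
}

/*
 * Security blob allocation for xfrm_policy and xfrm_state.
 *
 * @ctxp: receives the new blob; its value on input is not meaningful
 * @uctx: user-supplied context (netlink path), or NULL
 * @sid:  kernel-chosen SID, used only when @uctx is NULL
 *
 * Exactly one of @uctx and @sid is expected.  NOTE(review): the BUG_ON
 * fires if both are set; the two call sites in this file pass either one
 * or forward their own arguments, so confirm no user-reachable path can
 * supply both, since hitting it panics the kernel.  Returns 0 on success
 * or a negative errno; see the helpers for the state of *ctxp on failure.
 */
static int selinux_xfrm_sec_ctx_alloc(struct xfrm_sec_ctx **ctxp,
	struct xfrm_user_sec_ctx *uctx, u32 sid)
{
	BUG_ON(uctx && sid);

	if (uctx)
		return selinux_xfrm_sec_ctx_from_user(ctxp, uctx);

	return selinux_xfrm_sec_ctx_from_sid(ctxp, sid);
}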
/*
 * LSM hook implementation that allocs and transfers uctx spec to
 * xfrm_policy.
 *
 * @ctxp: receives the policy's new security blob
 * @uctx: user-supplied context; must not be NULL (unlike the SA hook,
 *        there is no kernel-chosen-SID path for policies)
 *
 * Returns 0 and bumps the labeled-instance counter on success, otherwise
 * the error from selinux_xfrm_sec_ctx_alloc().
 */
int selinux_xfrm_policy_alloc(struct xfrm_sec_ctx **ctxp,
			      struct xfrm_user_sec_ctx *uctx)
{
	int rc;

	BUG_ON(!uctx);

	rc = selinux_xfrm_sec_ctx_alloc(ctxp, uctx, 0);
	if (rc)
		return rc;

	atomic_inc(&selinux_xfrm_refcount);
	return 0;
}
/*
 * LSM hook implementation that copies security data structure from old to
 * new for policy cloning.
 *
 * With a NULL @old_ctx nothing is allocated and *new_ctxp is left as is.
 * Otherwise the header plus ctx_len bytes of ctx_str are duplicated into
 * *new_ctxp.  Returns 0, or -ENOMEM when the allocation fails.
 *
 * NOTE(review): only ctx_len bytes are copied, so the extra NUL that a
 * user-created blob carries past ctx_len is not reproduced — nothing in
 * this file reads ctx_str as a C string, so treat it as length-delimited.
 * NOTE(review): selinux_xfrm_refcount is not incremented here although
 * both alloc hooks do so and selinux_xfrm_policy_delete() decrements for
 * any labeled ctx; confirm whether a cloned policy can reach the delete
 * hook before relying on the counter being balanced.
 */
int selinux_xfrm_policy_clone(struct xfrm_sec_ctx *old_ctx,
			      struct xfrm_sec_ctx **new_ctxp)
{
	struct xfrm_sec_ctx *copy;
	size_t hdr_len = sizeof(*copy);

	if (!old_ctx)
		return 0;

	copy = kmalloc(hdr_len + old_ctx->ctx_len, GFP_KERNEL);
	if (!copy)
		return -ENOMEM;

	/* Header first, then the label bytes trailing it. */
	memcpy(copy, old_ctx, hdr_len);
	memcpy(copy->ctx_str, old_ctx->ctx_str, copy->ctx_len);

	*new_ctxp = copy;
	return 0;
}
/*
 * LSM hook implementation that frees xfrm_sec_ctx security information.
 *
 * Releases a blob produced by selinux_xfrm_policy_alloc() or
 * selinux_xfrm_policy_clone(); a NULL @ctx is a no-op.  The
 * labeled-instance counter is only decremented by
 * selinux_xfrm_policy_delete(), never here.
 */
void selinux_xfrm_policy_free(struct xfrm_sec_ctx *ctx)
{
	kfree(ctx);
}
/*
 * LSM hook implementation that authorizes deletion of labeled policies.
 *
 * Deleting a labeled policy needs the same association:setcontext
 * permission between the caller and the policy label that creating it
 * required in selinux_xfrm_sec_ctx_alloc().  An unlabeled policy (NULL
 * @ctx) may always be deleted.  Returns 0 when permitted, else the
 * avc_has_perm() error; the labeled-instance counter is decremented only
 * on a permitted deletion.
 */
int selinux_xfrm_policy_delete(struct xfrm_sec_ctx *ctx)
{
	const struct task_security_struct *tsec = current_security();
	int err;

	if (!ctx)
		return 0;

	err = avc_has_perm(tsec->sid, ctx->ctx_sid, SECCLASS_ASSOCIATION,
			   ASSOCIATION__SETCONTEXT, NULL);
	if (err)
		return err;

	atomic_dec(&selinux_xfrm_refcount);
	return 0;
}
/*
 * LSM hook implementation that allocs and transfers sec_ctx spec to
 * xfrm_state.
 *
 * @x:     the SA receiving the blob in x->security; must not be NULL
 * @uctx:  user-supplied context, or NULL to label from @secid instead
 * @secid: kernel-chosen SID, used only when @uctx is NULL
 *
 * Returns 0 and bumps the labeled-instance counter on success, otherwise
 * the error from selinux_xfrm_sec_ctx_alloc().
 */
int selinux_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *uctx,
	u32 secid)
{
	int rc;

	BUG_ON(!x);

	rc = selinux_xfrm_sec_ctx_alloc(&x->security, uctx, secid);
	if (rc)
		return rc;

	atomic_inc(&selinux_xfrm_refcount);
	return 0;
}

/*
 * LSM hook implementation that frees xfrm_state security information.
 *
 * A NULL x->security is a no-op.  The labeled-instance counter is only
 * decremented by selinux_xfrm_state_delete(), never here.
 */
void selinux_xfrm_state_free(struct xfrm_state *x)
{
	kfree(x->security);
}
/*
 * LSM hook implementation that authorizes deletion of labeled SAs.
 *
 * Mirrors selinux_xfrm_policy_delete(): deleting a labeled SA needs
 * association:setcontext between the caller and the SA label; an
 * unlabeled SA may always be deleted.  Returns 0 when permitted, else the
 * avc_has_perm() error; the labeled-instance counter is decremented only
 * on a permitted deletion.
 */
int selinux_xfrm_state_delete(struct xfrm_state *x)
{
	const struct task_security_struct *tsec = current_security();
	struct xfrm_sec_ctx *ctx = x->security;
	int err;

	if (!ctx)
		return 0;

	err = avc_has_perm(tsec->sid, ctx->ctx_sid, SECCLASS_ASSOCIATION,
			   ASSOCIATION__SETCONTEXT, NULL);
	if (err)
		return err;

	atomic_dec(&selinux_xfrm_refcount);
	return 0;
}
/*
 * LSM hook that controls access to unlabelled packets.  If a xfrm_state on
 * the packet is authorizable (see selinux_authorizable_xfrm()) its label
 * was already authorized by the IPsec processing and is used as the peer
 * label; otherwise the packet may not have gone through IPsec at all and
 * is checked as coming from "unlabeled".
 *
 * @isec_sid: SID of the receiving socket
 * @skb:      the packet
 * @ad:       audit data passed through to avc_has_perm()
 *
 * Returns the association:recvfrom decision (0 = permitted).
 */
int selinux_xfrm_sock_rcv_skb(u32 isec_sid, struct sk_buff *skb,
			      struct common_audit_data *ad)
{
	struct sec_path *sp = skb->sp;
	u32 peer_sid = SECINITSID_UNLABELED;
	int i;

	/*
	 * Take the label of the first SELinux-labeled SA on the sec_path.
	 * NOTE(review): this scans xvec[0..len) upwards and stops at the
	 * first hit, whereas selinux_xfrm_decode_session() scans from
	 * len-1 downwards, so nested SAs with different labels can make
	 * the two hooks pick different SIDs — confirm which end is intended.
	 */
	for (i = 0; sp && i < sp->len; i++) {
		struct xfrm_state *x = sp->xvec[i];

		if (x && selinux_authorizable_xfrm(x)) {
			peer_sid = x->security->ctx_sid;
			break;
		}
	}

	/*
	 * Performed even when no association is involved: per Trent Jaeger
	 * this is intended so a process cannot engage in non-IPsec
	 * communication unless policy explicitly allows it.
	 */
	return avc_has_perm(isec_sid, peer_sid, SECCLASS_ASSOCIATION,
			    ASSOCIATION__RECVFROM, ad);
}
/*
 * POSTROUTE_LAST hook's XFRM processing.
 *
 * If the packet's dst chain carries no authorizable security association,
 * decide whether the sending socket may talk to an unlabelled destination.
 * If it does carry one, the flow was already checked in
 * selinux_xfrm_state_pol_flow_match() and nothing more is needed.
 *
 * @isec_sid: SID of the sending socket
 * @skb:      the outgoing packet
 * @ad:       audit data passed through to avc_has_perm()
 * @proto:    the packet's transport protocol as seen by the caller
 *
 * Returns 0 when permitted (or when no check is required), else the
 * association:sendto denial.
 */
int selinux_xfrm_postroute_last(u32 isec_sid, struct sk_buff *skb,
				struct common_audit_data *ad, u8 proto)
{
	struct dst_entry *iter;

	/* A labeled SA anywhere on the dst chain means we are done. */
	for (iter = skb_dst(skb); iter != NULL; iter = iter->child) {
		struct xfrm_state *x = iter->xfrm;

		if (x && selinux_authorizable_xfrm(x))
			return 0;
	}

	/*
	 * IPsec-protocol packets were already seen once before they
	 * underwent their transform(s); don't subject them to the unlabeled
	 * check a second time.
	 * NOTE(review): @proto comes from the caller, so a packet whose
	 * next header is AH/ESP/COMP but that passed through no labeled SA
	 * (e.g. one built on a raw socket) takes this shortcut as well —
	 * confirm the caller rules that case out.
	 */
	if (proto == IPPROTO_AH || proto == IPPROTO_ESP ||
	    proto == IPPROTO_COMP)
		return 0;

	/*
	 * Performed even when no association is involved: per Trent Jaeger
	 * this is intended so a process cannot engage in non-IPsec
	 * communication unless policy explicitly allows it.
	 */
	return avc_has_perm(isec_sid, SECINITSID_UNLABELED, SECCLASS_ASSOCIATION,
			    ASSOCIATION__SENDTO, ad);
}